ICD Brief 4.

08.08.2016. – 15.08.2016.

USA

“U.S. intelligence officials are planning to provide information including classified threat reports to companies about the risks of hacking and other crimes tied to the supplies and services they buy.”

“The White House’s Commission on Enhancing National Cybersecurity is launching a public plea for help Wednesday in understanding the “current and future states of cybersecurity in the digital economy.” The commission — comprised by prominent academics, former officials and industry luminaries that effectively serve as voluntary cybersecurity consultants to the President — will release a request for information, or RFI, soliciting public comment tomorrow, according to a Federal Register notice.”

“This article explores the unlikely alliance between government and hackers which was manifested during the Black Hat USA conference in Las Vegas last week. But there’s still some mutual fear between the two communities, panelists agreed. “For many people in government, ‘hacker’ still means criminal. And there’s still a lot of distrust of government from the hacker community.”

“Industry lobbyists are pleased that FDA has issued draft guidance to try to clarify when medical device manufacturers and software developers can change their products without going through new regulatory review. It’s an issue that’s become big in cybersecurity because vulnerable devices are seen as a way to hack into health care records.”

“Amid the latest technology and research discussed at Black Hat USA, enterprises still aren’t implementing common sense cyber-security practices. Although most threats are preventable by following “Security 101” practices that require only basic common sense and preparation—advice which often is ignored, overlooked or deemed not cost-effective by executives.”

“America’s biggest banks are joining forces to combat the growing threat from cybercriminals, setting up a group that will work on preparing for attacks and improving information sharing, according to the Wall Street Journal. The group of eight includes Bank of America, Bank of New York Mellon, Citi, Goldman Sachs, Morgan Stanley, State Street, Wells Fargo and JPMorgan Chase”

“The FBI did not tell the Democratic National Committee that U.S. officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters. As late as June, hackers had access to DNC systems and the network used by the Democratic Congressional Campaign Committee, a group that raises money for Democratic candidates and shares an office with the DNC in Washington, people with knowledge of the cases have said.”

Israel

“The confirmation of a temporary enables the transfer of cybersecurity responsibility from the hands of the Israeli Security Agency (Shin Bet) to the National Cybersecurity Authority, regarding most organizations with vital computer systems.”

UK

“The international development index is a study that measures the ability of 10 countries around the world on their readiness to compete in the digital economy. The study, conducted by Barclays, attributes an overarching ‘digital empowerment’ score to each nation. It found that the UK came in 4th place behind new and emerging ‘digital tiger’ economies Estonia, South Korea and Sweden.”

“Estonian-based network operator Elektrilevi has joined the European Network for Cyber Security (ENCS) to focus on improving cyber resilience. With a total network of about 64,000km of power lines and more than 24,000 substations, Elektrilevi has approximately 475,000 customers and is the largest network operator in Estonia, Northern Europe.”

Netherlands

“Based in the Netherlands, Olivier Beg discovered 20 separate security flaws within United Airlines’ computer systems. As a reward, the airlines offered million United MileagePlus miles — a $25,000 value – for revealing 20 bugs to United’s program, as part of a challenge to help the company fix security flaws on its website.”

Poland

“September 26-27, 2016, Krakow, Poland, will host the 2nd European Cybersecurity Forum – CYBERSEC, the Annual Public Policy Conference dedicated to strategic aspects of cybersecurity. The invited experts will focus on building a regional cybersecurity system for Central and Eastern Europe, cyberdefence of NATO member states, cyber education and cyber innovations as well as public-private partnerships,” the statement reads.”

China

“On July 27, 2016, the State Council and the Communist Party Central Committee jointly released a blueprint for the country’s national IT strategy, which will guide Chinese government policy efforts over the next decade. Beijing sees the plan and its targets as critical to establishing China as an innovation and technology “powerhouse.”

“Over the last few years, Chinese President Xi Jinping has made improving cybersecurity a major policy goal. And yet the Chinese leadership is moving towards criminalizing the people that have the power to make that happen—white hat hackers.”

“The ongoing dispute over the South China Sea has apparently spilled over into cyberspace recently, as hackers believed to be from China have attacked government and private-sector organizations linked to the row over the key waterway, a new analysis has found.”

Iran

“Iran has gradually improved its offensive cyber abilities and developed more advanced ballistic missiles since signing an accord last year to curb its nuclear program, the U.S. Defense Department said.”

Russia

“Leading Russian cyber-security analysts have criticised recently announced government plans to create a single national database containing the personal data of all Russian citizens, expected to be the largest electronic archive in Russia.”

EU

“A new Directive on cyber security was published in the Official Journal of the European Union. The Directive aims to achieve a common level of security of network and information systems within the EU. It requires all Member States to adopt a national strategy on the security of network and information systems and establishes security and notification requirements for operators of essential services and for digital service providers.”

“ECSO is a pan-European industry-led organisation with members from a wide variety of stakeholders. The main objective of ECSO, according to ecs-org.eu, is to support all types of initiatives or projects that aim to develop, promote, encourage European cybersecurity, and in particular to develop the cybersecurity market in Europe and the growth of a competitive cybersecurity and ICT industry, with an increased market position.”

NATO

“Weeks before the Democratic convention was upended by 20,000 leaked e-mails released through WikiLeaks, another little-known website began posting the secrets of a top NATO general, billionaire George Soros’ philanthropy and a Chicago-based Clinton campaign volunteer.”

Feature

“SAP’s 2016 Cyber Threat Report reveals mounting and expanding vulnerabilities in most of its systems and platforms. The majority (69%) of its 36000 SAP systems worldwide available on the Internet should not be “configured for remote access.” “It’s noteworthy that the number of talks on security conferences directly affects the level of SAP Security in a particular country.”